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CLAIMS 

Please amend the pending claims as follows. 

1 . (Currently Amended) A method operational in a mobile user devic e for authentication in 
a public cryptographic system comprising: 

creating a first private key and corresponding first public key at the-amobile user device; 

creating a second private key associated with the first private key and creating a second 
public key corresponding to the second private key at the mobile user device; 

outputting the second private key from the mobile user device while retaining the first 
private key in the mobile user device, wherein outputting the second private key comprises 
wirelessly t ransmitting a plurality of shares of the second private key from the mobile user device 
to a plurality of different entities once, such that the second private key can be re-created and 
used when by the mobile user device to r e place use of the first private key is inaccessible-and 
disable the first; private key wh e n - the s e c ond private key is re created and used for auth e ntication ; 

w4reless4y~transmitting the first public key and the second public key to a verifier device 
concurrent with the first public key ; and 

using the first private key for authentication of the mobile user device. 

2. (Currently Amended) The method of claim 1, wherein wirel e ss ly— transmitting the 
plurality of shares of the second private key comprises: 

creating at least two shares of the second private key at the mobile user device; and 
wirelessly outputting each share once to a different entity. 

3. (Currently Amended) The method of claim 1 , further comprising: 

re-creating the second private key at one of the mobile user device or a replacement 
mobile user device using at least some shares of the plurality of shares; and 

using the second private key independent of the first private key for authentication of the 
mobile user device or the replacement mobile user device . 

4. (Cancelled) 
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5 . (Currently Amended) The method of claim 3, further comprising: 

creating a third private key associated with the second private key and creating a third 
public key corresponding to the third private key; and 

outputting the third public key to the verifier from th e- mo bile u s er-device. 

6. (Currently Amended) The method of claim 5, further comprising: 

outputting the third private key once as a plurality of shares such that it can be re-created; 

and 

re-creating the third private key at the mobil e user devic e using at least some of the 
plurality of shares: and 

using the third private key for authentication. 

7. (Previously Presented) The method of claim 1, wherein the second public and private 
keys are created independently from the first public and private keys. 

8. (Original) The method of claim 3, further comprising: 

creating a third private key associated with the second key and creating a third public key 
corresponding to the third private key; 

creating a fourth private key associated with the third private key and creating a fourth 
public key corresponding to the fourth private key; 

outputting the fourth private key once such that it can be re-created; and 

outputting the third and fourth public keys. 

9. (Previously Presented) The method of claim 8, further comprising: 
disabling use of the second private key for authentication; and 
using the third private key for authentication; 

re-creating the fourth private key; and 
using the fourth private for authentication. 
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1 0 . (Previously Presented) The method of claim 1 , further comprising : 
preventing retransmission of the second private key. 

11. (Currently Amended) A method for verification in a public cryptographic system 
comprising: 

wirelessly receiving a first public key from a mobile user device; 

wHetessfy-receiving a second public key from the mobile user device c oncurr e nt - wi th 
receipt of th e first public key , the second public key associated with the first public key, wherein 
the second public key has a corresponding second private key that is split into a plurality of 
shares that are sent to a plurality of different entities, where each share is sent only once and to a 
different entity, such that the second private key can be re-created and used when there is no 
access to by the mobile user device to replace una of a. first private key corresponding to the first 
public key , wherein -a nd disabl e the first private key is disabled when the second private key is re- 
created and used for authentication; 

using the first public key for authentication of the mobile user device; and 
using the second public key for authentication of the mobil e user device if the first public 
key fails. 

12. (Currently Amended) The method of claim 11, further comprising: 

receiving a third public key from one of the mobile user device or another mobile user 
d evice , the third public key associated with the second public key, if the first public key fails and 
if the second public key results in a successful authentication. 

13. (Currently Amended) The method of claim 1 1 , further comprising: 

receiving a third public key and a fourth public keynfeem- t h e mobil e user device, if the 
first public key fails and if the second public key results in a successful authentication, wherein 
the third and the fourth public keys are associated with the second key. 
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14. (Currently Amended) A mobile user device configured for authentication in a public 
cryptographic system comprising: 

means for creating a first private key and corresponding first public key at the mobile user 

device; 

means for storing the first private key at the mobile user device; 

means for creating a second private key associated with the first private key and creating 
a second public key corresponding to the second private key at the mobile user device; 

means for outputting the second private key from the mobile user device while retaining 
the first private key in the mobile user device, wherein outputting the second private key 
comprises wk^ess4y-outputting a plurality of shares of the second private key to a plurality of 
different entities once such that the second private key can be re-created and used when b v-the 
mobile us e r device to - re plaee us e of the first private key is inaccessible, wherein -and-disable the 
first private key is disabled when the second private key is re-created and used for authentication; 

means for wirel e ssly -outputting the first public key and the second public key to a verifier 
device-e oneurrent with outputting the firot public key ; and 

means for using the first private key for authentication. 

15. (Currently Amended) The device of claim 14, wherein means for wirelessly outputting 
the second public private key comprises: 

means for creating at least two shares of the second private key at the mobile user device; 

and 

means for wirelessly outputting each share once to a different entity, wherein subsequent 
outputting of the second private key is prevented. 

16. (Currently Amended) The device of claim 14, further comprising: 

means for re-creating the second private key a t one of the mobile user device or another 
mobile user device using at least some shares of the plurality of shares; and 

means for using the second private key for authentication of the one of the mobile user 
device or the other mobile user device . 
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17. (Currently Amended) The device of claim 1 6, further comprising: 

means for creating a third private key associated with the second private key and creating 
a third public key corresponding to the third private key; and 

means for wirelessly ■outputting the third public key to the verifier device. 

1 8. (Currently Amended) The device of claim 1 6, further comprising: 

means for creating a third private key associated with the second private key and for 
creating a third public key corresponding to the third private key; 

means for creating a fourth private key associated with the third private key and for 
creating a fourth public key corresponding to the fourth private key; 

means for wirele s sly outputting the fourth private key once such that it can be re-created; 

and 

means for wifetessly-outputting the third and fourth public keys to the verifier device, 

19. (Currently Amended) A verifier apparatus configured for verification in a public 
cryptographic system comprising: 

means for w i r ele s sly receiving a first public key from a mobile user device- 
means for wirelessly receiving a second public key from the mobile user device 
concurrent with re c e ipt o f th e first pub lic ke y , the second public key associated with the first 
public key, wherein the second public key has a corresponding second private key that is split 
into a plurality of shares that are sent to a plurality of different entities, where each share is sent 
only once and to a different entity, such that the second private key can be re-created and used 
when there is no access to by the mobile user device to repla ce us e - o f a first private key 
corresponding to the first public key , wherein and disabl e the first private key is disabled when 
the second private key is re-created and used for authentication; 

means for storing the first public key and the second public key; 
means for using the first public key for authentication of the mobile user device ; and 
means for using the second public key for authentication a&he-mebi l e us e r d e vic e i f the 
first public key fails. 
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20. (Currently Amended) The apparatus of claim 19. further comprising: 

means for receiving a third public key associated with the second public key from one of 
the mobile user device or another mobile user device , if the first public key fails and if the second 
public key results in a successful authentication of the mobile user device or the other mobile 
user device . 

2 1 . (Previously Presented) The apparatus of claim 1 9, further comprising: 

means for receiving a third public key and a fourth public key, if the first public key fails 
and if the second public key results in a successful authentication, wherein the third and fourth 
public keys are associated with the second public key. 

22. (Currently Amended) A machine-readable medium comprising instructions for 
performing a public cryptography, which when executed by a processor causes the processor to: 

create a first private key and corresponding first public key at a mobile us e r device ; 

create a second private key associated with the first private key and cr e ating create a 
second public key corresponding to the second private ke y - at - aroobile - user device ; 

keep- retain the first private key within the mobile user device and wirel ea sl y output the 
second private key as a plurality of shares o f the second privat e k e y to a plurality of different 
entities once such that the second private key can be re-created and used when there is no access 
by the mobil e user d e vice t o r eplace use of the first private key , wherein - and disabl e the first 
private ke y is disabled when the second private key is re-created and used for authentication; 

• wirelessly output the first public key and the second public key to a verifier device 
tieneurmit-with outputting the first publ ic-key; and 

use the first private key for authentication of th e m obi4e- user device . 

23. (Previously Presented) The machine-readable medium of claim 22, wherein outputting 
the second private key further comprises instructions to: 

create at least two shares of the second private key; and 
output each share once to a different entity. 
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24. (Previously Presented) The machine-readable medium of claim 22 further comprising 
instructions to: 

recreate the second private key; and 

use the second private key for authentication. 

25. (Cancelled) 

26. (Currently Amended) A machine-readable medium comprising instructions for 
performing a public cryptography at a verifier device, which when executed by a processor 
causes the processor to: 

wir e lessly receive a first public key from a mobile user device; 

wir e less 4y-receive a second public key from the mobile user device concurrent with 
receipt of the first public key , the second public key associated with the first public key, wherein 
the second public key has a corresponding second private key that is split into a plurality of 
shares that are sent to a plurality of different entities, where each share is sent only once and to a 
different entity, such that the second private key can be re-created and used when there is no 
access to- by th e mobile uoer device to replace us e -of a first private key corresponding to the first 
public key , wherein and disable the first private key is disabled when the second private key is re- 
created and used for authentication: 

use the first public key for authentication of the mobile user device; and 
use the second public key for authentication of the mobile user device if the first public 
key fails. 

27. (Currently Amended) The machine-readable medium of claim 26 further comprising 
instructions to: 

w irel e ssfy-reeeive a third public key associated with the second public key, if the first 
public key fails and if the second public key results in a successful authentication. 
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28. (Currently Amended) The machine-readable medium of claim 26 further comprising 
instructions to: 

wire l e ssly receive a third public key and a fourth public key associated with the second 
public key, if the first public key fails and if the second public key results in a successful 
authentication. 



29-49 (Cancelled) 



50. (Currently Amended) A mobile user device used for authentication comprising: 
a processor eonfigured-te to: 

generate a first private key and corresponding first publie-k-ev r key; 

th e processor configured to generate a second private key associated with the first 
private key key; and 

te-create a second public key corresponding to the second private key; 
a storage medium coupled to the processor, the storage medium configured to store the 
first private key; and 

a wir e l ess-transmitter coupled to the processor-te to: 

output the second private key as a plurality of shares of the second privat e key-to a 
plurality of different entities-enee once, such that the second private key can be re-created 
by the mob i le user d e vic e to r o plac c-use-of- and used when there is no access to the first 
private key , wherein and disable the first private key is disabled when the second private 
key is re-created and used for- authentication. authentication; and 

output the first public kev and the second public key to tfee-averifier device 
concurrent wit h wir eless ly outputting the first public key ; 

wherein the processor uses the first private key for authentication of the mobile user 

device. 
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5 1 . (Currently Amended) Apparatus used for verification comprising: 

a receiver configured to wtrelessly receive a first public key from a mobile user device 
and to receive a second public key from the mobile user device concurr e nt wit h -r-e c e i pt- o f-the 
first public- k ey, the second public key associated with the first public key, wherein the second 
public key has a corresponding second private key that is split into a plurality of shares that are 
sent to a plurality of different entities, where each share is sent only once and to a different entity, 
such that the second private key can be re-created and used when there is no access to b y-the 
ffl^bi-k-user-d avice to replace use of a first private key corresponding to the first public key, 
wherein and disable the first private key is disabled when the second private key is re-created and 
used for authentication; 

a storage medium coupled to the receiver, configured to store the first and second public 
keys; and 

a processor coupled to the receiver and the storage medium , the processor configured to 
use the first public key for authentication of the mobile user device, the processor configured to 
use the second public key for authentication of the mobile us e r d e vice if the first public key fails. 

52. (Cancelled) 

53. (Currently Amended) The method of claim 1 , wherein the second private key is removed 
from the mobile user device upon wirele s s transmission of the plurality of shares of the second 
private key. 

54. (Currently Amended) The device of claim 14, wherein the means for wi re l-e- s s4y 
outputting the plurality of shares of the second private key comprise means for removing the 
second private key from the mobile user device. 

55. (Currently Amended) The machine-readable medium of claim 22, wherein the processor 
is further caused to remove the second private key from the mobile device upon wi r e l e ssly 
outputting the plurality of shares of the second private key to the plurality of different entities. 
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56. (Previously Presented) The mobile user device of claim 50, wherein the processor is 
configured to remove the second private key upon the output of the plurality of shares of the 
second private key to the plurality of different entities. 

57. (New) A method operational for authentication in a public cryptographic system, 
comprising: 

re-creating a second private key at a mobile user device that has no access to a first 
private key associated with the second private key, wherein the second private key is re-created 
using at least some shares of a plurality of shares of the second pri vate key located at a plurality 
of different entities; 

creating a third private key and a corresponding third public key; and 
using the second private key for authentication of the mobile user device. 

58. (New) The method of claim 57, wherein re-creating the second private key at a mobile 
user device that has no access to the first private key includes re-creating the second private key 
at a mobile user device different from a mobile user device that created the first private key and 
the second private key. 

59. (New) The method of claim 57, further comprising: 

outputting the third private key from the mobile user device while retaining the second 
private key in the mobile user device, wherein outputting the third private key comprises 
transmitting a plurality of shares of the third private key from the mobile user device to a 
plurality of different entities once, such that the third private key can be re-created to replace use 
of the second private key; and 

transmitting the third public key to a verifier device. 

60. (New) The method of claim 57, further comprising: 
creating a fourth private and a corresponding fourth public key; 

outputting the fourth private key from the mobile user device while retaining the third 
private key in the mobile user device, wherein outputting the fourth private key comprises 
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transmitting a plurality of shares of the fourth private key from the mobile user device to a 
plurality of different entities once, such that the fourth private key can be re-created to replace 
use of the third private key; and 

transmitting the third public key and the fourth public key to a verifier device. 

61 . (New) A mobile user device adapted for authentication in a public cryptographic system, 
comprising: 

means for re-creating a second private key at a mobile user device that has no access to a 
first private key associated with the second private key, wherein the second private key is re- 
created using at least some shares of a plurality of shares of the second private key located at a 
plurality of different entities; 

means for creating a third private key and a corresponding third public key; and 
means for using the second private key for authentication of the mobile user device. 

62. (New) The mobile user device of claim 61, wherein the means for re-creating a second 
private key at a mobile user device that has no access to a first private key includes means 
located at a mobile user device different from a mobile user device that created the first private 
key and the second private key. 

63. (New) The mobile user device of claim 61, further comprising: 

means for outputting the third private key from the mobile user device while retaining the 
second private key in the mobile user device, wherein outputting the third private key comprises 
transmitting a plurality of shares of the third private key from the mobile user device to a 
plurality of different entities once, such that the third private key can be re-created to replace use 
of the second private key; and 

means for transmitting the third public key to a verifier device. 

64. (New) The mobile device of claim 61. further comprising: 

means for creating a fourth private and a corresponding fourth public key; 
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means for outputting the fourth private key from the mobile user device while retaining 
the third private key in the mobile user device, wherein outputting the fourth private key 
comprises transmitting a plurality of shares of the fourth private key from the mobile user device 
to a plurality of different entities once, such that the fourth private key can be re-created to 
replace use of the third private key; and 

means for transmitting the third public key and the fourth public key to a verifier device. 

65. (New) A machine-readable medium comprising instructions for performing a public 
cryptography, which when executed by a processor causes the processor to: 

re-create a second private key at a mobile user device that has no access to a first private 
key associated with the second private key, wherein the second private key is re-created using at 
least some shares of a plurality of shares of the second private key located at a plurality of 
different entities; 

create a third private key and a corresponding third public key; and 
use the second private key for authentication of the mobile user device. 

66. (New) The machine-readable medium of claim 65, wherein the mobile user device at 
which the second private key is re-created is a different device from a mobile user device that 
created the first private key and the second private key. 

67. (New) The method of claim 65, further comprising instructions to: 

output the third private key from the mobile user device while retaining the second 
private key in the mobile user device, wherein outputting the third private key comprises 
transmitting a plurality of shares of the third private key from the mobile user device to a 
plurality of different entities once, such that the third private key can be re-created to replace use 
of the second private key; and 

transmit the third public key to a verifier device. 

68. (New) The method of claim 65, further comprising instructions to: 
create a fourth private and a corresponding fourth public key; 
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output the fourth private key from the mobile user device while retaining the third private 
key in the mobile user device, wherein outputting the fourth private key comprises transmitting a 
plurality of shares of the fourth private key from the mobile user device to a plurality of different 
entities once, such that the fourth private key can be re-created to replace use of the third private 
key; and 

transmit the third public key and the fourth public key to a verifier device. 
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